Florian Meindl

‼️🚨 BREAKING: Another supply chain attack. 700+ GitHub repositories flagged, including PHP and Node.js projects. The malicious script was planted across all of them. When a developer installs the package, the script silently downloads a Linux file from GitHub, hides it under the name /tmp/.sshd (so it looks like a normal system file), and runs it in the background. It also skips security checks on the download and hides any error messages. 8 PHP packages on Packagist (the main PHP code library) were confirmed infected. The attacker hid the script inside a JavaScript config file (package.json) instead of the PHP one (composer.json), so PHP developers reviewing their code would not notice it. The biggest risk is to devdojo/wave (6,400 stars) and devdojo/genesis (9,100 installs), both popular Laravel project templates. Developers who use these templates run the bad script the moment they install dependencies. The same payload was also dropped into GitHub Actions (automated build pipelines) under a fake step called "Dependency Cache Sync," meaning it could infect company build servers too. Packagist removed the bad packages, but the auto-updating versions (dev-main, dev-master, 3.x-dev) can quietly come back if the original repos stay infected. IOCs: GitHub account parikhpreyash4 repo systemd-network-helper-aa5c751f drop path /tmp/.sshd command fragments curl -skL and chmod +x /tmp/.sshd.

SERV is building the infrastructure layer for the agent economy in real time and this week proved it. In the past week alone at SERV: • Private Beta crossed 100,000 requests. • Greg Ivanov, ex-Google, joined as key advisor. • Phase 2.4 was revealed - agent auditing at scale with Graph Sharding. Enterprise: • 3 enterprises moved their workloads to SERV. • Neol hit 100% reliability with the UAE government. Benchmarks held the pattern: • Qwen 3.7-Max with SERV beat every frontier model tested. • Gemini 3.5 Flash launched and was made stronger by SERV the same day. Next up: wish we could tell you already. 👀

🚨🇩🇪 Vorschlag zur Haltefrist in Deutschland abgelehnt! Die Grünen wollten die 1 Jahres Haltefrist für Bitcoin & Kryptowährungen abschaffen. Der Vorschlag wurde im Finanzausschuss jedoch abgelehnt. Dagegen waren vor allem CDU/CSU und AfD, die sich klar für den Erhalt der steuerfreien Haltefrist ausgesprochen haben. Damit bleibt es in Deutschland vorerst dabei: Wer Bitcoin und Krypto länger als 1 Jahr hält, kann Gewinne weiterhin steuerfrei realisieren. Der politische Druck auf Bitcoin nimmt trotzdem sichtbar zu.

I had given Grok in Hermes several different tasks. Each time, I specified the exact path to get there and the precise goal. Unfortunately, up to now, there hasn't been a single instance where he actually completed it. Instead, every single time he claimed that everything was finished. Even with a task where he simply had to copy his previous output and only change some content (while the path to the goal remained exactly the same), he only completed half of it. Even when using extra skills, he always says what he's going to do and that he's starting now. But he only actually starts when I explicitly say "yes" or "go". He also didn't know that he can create images himself.Overall, unfortunately a mostly negative experience. For comparison: GPT-5.5 completed the exact same task in one go on the VPS (not locally), looked beyond the immediate instructions, realized that part of the task was completely unnecessary, found a more effective solution, and even created an additional skill for it right away.

That's exactly why I invested in something else for the first time since IOTA. It's an innovation that is genuinely necessary and important. Given that, the benchmarks of the actual product are extremely positive, it looks like it was absolutely the right decision - at least for now. (: